Google’s New Security Certificate for Google Apps: ISO 27001


For those who haven’t already heard about it, the Internet giant Google earned another ISO certificate for Google Apps for Business in the second half of May 2012: the ISO 27001 certification. This is a great achievement, as it is really difficult to earn this certificate. Many of us don’t know about this certificate or what it stands for, so I decided to research it and explain it here. So here I go.

What is ISO 27001 Certification

The ISO 27001 certification is done by the International Organization for Standardization and is an integral part of their Information Security Management System (ISMS) check. It is a certificate with international acceptance and is preferred by almost all the countries in the world.
A product/service which gets this certificate is considered to be of a high standard and to have a high level of security. To gain it, one has to go through a very rigorous process.

How to Earn ISO 27001 certification

To earn ISO 27001 certification, an ISMS must pass a third-party audit/scanning with a high score. For Google Apps for Business, this was conducted by ISO and the auditing body was Ernst & Young CertifyPoint, which is itself an ISO-certified body.

What Does the Audit Comprise

The complete ISO 27001 certification audit comprises three parts in total. They are:

  1. An informal assessment of the security risks and controls around the organization’s information.
  2. An in-depth audit of the above assessment.
  3. Multiple check-ups and assignments/exams to guarantee the control and security of information.

What the Auditing Body Looks For

During the complete audit, the third party, i.e. the auditor, makes sure that all the standards of ISO 27001 are met.
E.g., if some kind of vulnerability is found, then the certification-assessment process is cancelled then and there. In this assessment, special attention is given to impacts, threats and security. The future plans to strengthen security and the risk treatment methods are also assessed.

What ISO 27001 Certification Means for Google

It really is a big deal for them. First, it satisfies present users and also proves them to potential users. This will surely increase user trust in them, and many more organisations will go for it. This also proves that they are the best app provider for small businesses.

So now, I think you must be clear about ISO 27001. If you have any further questions, feel free to ask.